Windows下父进程监视子进程状态
最近研究自动化测试,需要获取程序的运行状态及结果,下面是些参考资料。
原文地址:http://blog.csdn.net/ariesjzj/article/details/7226443
Linux下有功能强大ptrace,用于让父进程监视/修改/控制子进程的状态。Windows也提供了类似的接口,那就是Debuging API,用它可以编写用户级的调试器。
下面是一个例子,用以实现父进程创建并监视子进程运行状态。
- #include <stddef.h>
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- #include <stdint.h>
- #include <assert.h>
- #include <windows.h>
- #define MAX_PARAM_LEN 4096
- int main( int argc, char ** argv )
- {
- int i, j = 0, len;
- char command_buf[MAX_PARAM_LEN];
- STARTUPINFO si;
- PROCESS_INFORMATION pi;
- DEBUG_EVENT de;
- BOOL stop = FALSE;
- ZeroMemory( &si, sizeof(si) );
- si.cb = sizeof(si);
- ZeroMemory( &pi, sizeof(pi) );
- if (argc<2) {
- printf("Usage: %s <app_name> [arguments ...]\n", argv[0]);
- return 0;
- }
- // Combine the module name and params into one string.
- for (i = 1; i < argc; ++i) {
- len = strlen(argv[i]);
- if (len >= MAX_PARAM_LEN - j - 1) {
- printf("buffer overflow\n");
- exit(-1);
- }
- j += _snprintf(command_buf + j, MAX_PARAM_LEN - j, "%s ", argv[i]);
- command_buf[j] = '\0'; // just for sure
- }
- if( !CreateProcess(NULL, command_buf, NULL, NULL, FALSE,
- DEBUG_ONLY_THIS_PROCESS, NULL, NULL, &si, &pi ) ) {
- printf( "CreateProcess failed (%d).\n", GetLastError() );
- exit(-1);
- }
- while (TRUE) {
- WaitForDebugEvent (&de, INFINITE);
- switch (de.dwDebugEventCode) {
- case EXCEPTION_DEBUG_EVENT: /* exception */
- switch (de.u.Exception.ExceptionRecord.ExceptionCode) {
- case EXCEPTION_INT_DIVIDE_BY_ZERO: /* #DE */
- // Do what the parent process want to do when the child process gets #DE interrupt.
- TerminateProcess(pi.hProcess,1);
- break;
- case EXCEPTION_BREAKPOINT: /* #BP */
- // Do what the parent process want to do when the child process gets #BP interrupt.
- break;
- default:
- printf("Unknown Exception\n");
- break;
- }
- ContinueDebugEvent(de.dwProcessId,de.dwThreadId,DBG_EXCEPTION_HANDLED);
- continue;
- case CREATE_PROCESS_DEBUG_EVENT: /* child process created */
- // Do what the parent process want to do when the child process was created.
- break;
- case EXIT_PROCESS_DEBUG_EVENT: /* child process exits */
- stop = TRUE;
- // Do what the parent process want to do when the child process exits.
- break;
- default:
- printf("Unknown Event!\n");
- break;
- }
- if (TRUE == stop) {
- //printf("Process exit\n");
- break;
- }
- ContinueDebugEvent (de.dwProcessId, de.dwThreadId, DBG_CONTINUE);
- } // end of loop
- assert(stop);
- CloseHandle( pi.hProcess );
- CloseHandle( pi.hThread );
- return 0;
- }
程序参数为要监视的子进程及子进程的参数。注意一个正常的进程被创建出来后会先后收到CREATE_PROCESS_DEBUG_EVENT, EXCEPTION_DEBUG_EVENT中的EXCEPTION_BREAKPOINT和EXIT_PROCESS_DEBUG_EVENT。所以如果你不想子进程创建起来就出错,那就让处理断点的分支跳去执行ContinueDebugEvent(..., DBG_EXCEPTION_HANDLED)。
例子仅含框架,如要attach到已有进程请参见DebugActiveProcess,要修改子进程状态请参见RriteProcessMemory和WriteProcessMemory等函数。
一些参考资料:
Debugging API examples: http://www.debuginfo.com/examples/dbgexamples.html
Writing the Debugger's Main Loop: http://msdn.microsoft.com/en-us/library/windows/desktop/ms681675(v=vs.85).aspx
Using the Windows Debugging API: http://www.howzatt.demon.co.uk/articles/SimpleDebugger.html
Debugging Functions: http://msdn.microsoft.com/en-us/library/ms679303
Win32调试API:http://hi.baidu.com/combojiang/blog/item/efb56e8ff0ebbfebf11f3654.html
利用Win32 Debug API打造自己的Debugger: http://hi.baidu.com/olhack/blog/item/c1e896508250e86284352407.html
The Debugging Application Programming Interface: http://msdn.microsoft.com/en-us/library/ms809754.aspx
在主进程中捕获子进程的异常:http://blog.csdn.net/simbi/article/details/3705719
Windows Debugging API: http://my.safaribooksonline.com/book/networking/intrusion-detection/9780321446114/in-memory-fuzzing-automation/ch20lev1sec3
浙公网安备 33010602011771号